Case study: Dunfermline Building Society

Collaboration is the key to successful information security

Collaboration is crucial

Kerrie Grier, chief security officer at Dunfermline Building Society, says information security is best achieved with a collaborative working mindset and adopting a multi-layered approach to technology.

“In the past, financial organisations have often given the job of information security to a networking expert,” she says.

“There was the tendency to think that securing information was all about the technology – the ‘I have a firewall and anti-virus software, I’m safe – end of story’ attitude, but now there is a move away from that narrow focus on IT security, especially because if there is going to be a fraud or security breach, it is more likely to come from inside the perimeter, a third party or someone you trust.”

Grier’s role is three-pronged. She ensures confidentiality, integrity and availability of information for Scotland’s largest mutual lender.

She oversees a “defence in depths” strategy against information security threats, where rather than just relying on creating an impenetrable wall around systems and assuming that inside the perimeter is safe, she has implemented a multi-level approach to the problem.

“We have multiple layers of security,” says Grier. “For example, we have a firewall for the external perimeter from one vendor and an internal firewall from another vendor.

“Both are high-availability clusters and not reliant on one box being available all the time. It comes down to information security best practice, which I feel very strongly about. Securing information within the organisation is all about business processes, training and awareness.”

She says that education is key – as is collaboration with the data protection officer, the compliance and risk manager, human resources and the legal team.

“Senior managers from all disciplines attend the information security forum for input and feedback,” says Grier. “It is easier to launch a new concept or recommendation if I have their support as they become ambassadors for security within their departments.”

As well as heading the information security forum, Grier sits on the fraud forum, and overseas Dunfermline’s collaborative approach.

Dunfermline uses Experian’s Hunter software to manage data sharing and help combat the potential for fraud, in conjunction with Equifax Risk Navigator.

“With the Hunter system we can check new applications for financial products against previous applications, claims and fraud databases,” says Grier. “It can check for discrepancies in real time and highlight data differences. A side effect is that it has improved data quality – any mismatches are sent to the data cleansing department for required amendments.

“Equifax Risk Navigator uses data from many sources to give a more predictive credit score. Using both systems gives a robust and multi-layered approach to accessing information that helps prevent fraud and reduce risk.”

Grier says the system’s success is down to a team effort from a technology and people perspective.